Re: Using TCPA

2005-02-05 Thread Sean Smith
On Feb 4, 2005, at 6:58 AM, Eric Murray wrote: So a question for the TCPA proponents (or opponents): how would I do that using TCPA? check out enforcer.sourceforge.net. We also had a paper at ACSAC 2004 with some of the apps we've built on it. Two things we've built that haven't made it yet to

Re: Any TLS server key compromises?

2004-08-14 Thread Sean Smith
has a TLS server (or client, for that matter) key ever actually been compromised? Hi, Marc! I don't know about in-the-wild attacks. However, proof-of-concept attacks: Server-side: Brumley and Boneh did timing attacks on Apache SSL servers---see their Usenix Security paper from 2003.

Re: dual-use digital signature vulnerability

2004-07-28 Thread Sean Smith
For what it's worth, last week, I had the chance to eat dinner with Carlisle Adams (author of the PoP RFC), and he commented that he didn't know of any CA that did PoP any other way than have the client sign part of a CRM. Clearly, this seems to contradict Peter's experience. I'd REALLY love

Re: dual-use digital signature vulnerability

2004-07-18 Thread Sean Smith
at the NIST PKI workshop a couple months ago there were a number of infrastructure presentations where various entities in the infrastructure were ...signing random data as part of authentication protocol I believe our paper may have been one of those that Lynn objected to. We used the

Re: dual-use digital signature vulnerability

2004-07-18 Thread Sean Smith
it isn't sufficient that you show there is some specific authentication protocol with unread, random data ... that has countermeasures against a dual-use attack ... but you have to exhaustively show that the private key has never, ever signed any unread random data that failed to contain

Re: PKI Research Workshop '04, CFP

2003-10-22 Thread Sean Smith
(To those people who missed the original comment a year or two back, the first PKI workshop required that people use plain passwords for the web-based submission system due to the lack of a PKI to handle the task). Hey, but at least the password was protected by an SSL channel, which was

is secure hardware worth it? (Was: Re: fyi: bear/enforcer open-source TCPA project)

2003-09-11 Thread Sean Smith
Just to clarify... I'm NOT saying that any particular piece of secure hardware can never be broken. Steve Weingart (the hw security guy for the 4758) used to insist that there was no such thing as tamper-proof. On the HW level, all you can do is talk about what defenses you tried, what

Re: fyi: bear/enforcer open-source TCPA project

2003-09-09 Thread Sean Smith
How can you verify that a remote computer is the real thing, doing the right thing? You cannot. Using a high-end secure coprocessor (such as the 4758, but not with a flawed application) will raise the threshold for the adversary significantly. No, there are no absolutes. But there are

fyi: bear/enforcer open-source TCPA project

2003-09-08 Thread Sean Smith
The Bear/Enforcer Project Dartmouth College http://enforcer.sourceforge.net http://www.cs.dartmouth.edu/~sws/abstracts/msmw03.shtml How can you verify that a remote computer is the real thing, doing the right thing? High-end secure coprocessors are expensive and computationally limited;